Please download the lab skeleton from here: lab2.zip The archive contains several files, just need the following:
You need to fill in the TODOs from ex3.py.
Important changes in Python3:
for key, value in dict.items(): if str in key: do_something()
(use ex3.py from lab2 zip file)
Charlie manages to capture a last communication which turns out to be the most important, so it is crucial he decrypts it. However, this time Alice used the Vigenere cipher, with a key that Charlie knows has 7 characters.
The ciphertext is in the file attached. Try the method of multiplying probabilities as explained in class and see if you can decrypt the ciphertext. You can find details about this method here.
These are the known frequencies of the plaintext:
{'A': 0.07048643054277828, 'C': 0.01577161913523459, 'B': 0.012074517019319227, 'E': 0.13185372585096597, 'D': 0.043393514259429625, 'G': 0.01952621895124195, 'F': 0.023867295308187673, 'I': 0.06153403863845446, 'H': 0.08655128794848206, 'K': 0.007566697332106716, 'J': 0.0017594296228150873, 'M': 0.029657313707451703, 'L': 0.04609015639374425, 'O': 0.07679967801287949, 'N': 0.060217341306347746, 'Q': 0.0006382244710211592, 'P': 0.014357175712971482, 'S': 0.05892939282428703, 'R': 0.05765294388224471, 'U': 0.02749540018399264, 'T': 0.09984475620975161, 'W': 0.01892824287028519, 'V': 0.011148804047838086, 'Y': 0.023045078196872126, 'X': 0.0005289788408463661, 'Z': 0.00028173873045078196}
The goal of this exercise is to implement the meet-in-the-middle attack on double DES. For this, you are given a starter code (see below), implemented using the Pycrypto library: https://pypi.python.org/pypi/pycrypto
Perform the following tasks:
2DES( (k1,k2), m) = DES(k1, DES(k2, m))
c1 = 'cda98e4b247612e5b088a803b4277710f106beccf3d020ffcc577ddd889e2f32'
c2 = '54826ea0937a2c34d47f4595f3844445520c0995331e5d492f55abcf9d8dfadf'
as hex strings (i.e. you need to decode them to get the actual byte strings to use with DES, e.g. binascii.unhexlify(c1))
Decrypt them using the following keys:
k1 = 'Smerenie'
k2 = 'Dragoste'
The plaintext corresponding to c1 is m1='Fericiti cei saraci cu duhul, ca'. Find the plaintext m2 corresponding to c2.
Note also that for this exercises, we shall be using the default values when initialising the DES cipher (i.e. ECB mode and no IV).
m1 = 'Pocainta' (in byte string, i.e. can be used directly with Pycrypto DES)
c1 = '9f98dbd6fe5f785d' (in hex string, you need to hex-decode)
m2 = 'Iertarea'
c2 = '6e266642ef3069c2'
Due to a problem with the PRG, you also know the last 6-bytes of each key (note we now have a different key than for the previous exercises): k1 (last 6 bytes) = 'oIkvH5' k2 (last 6 bytes) = 'GK4EoU'
To build a table, I recommend using a list of tuples, where you add new (key,enc) pairs as follows:
tb = [] tb.append(('keyval', 'encva'))
To sort the table, you can do this:
import operator tbs = sorted(tb, key=operator.itemgetter(1) #sort by value
Another example:
>>> import operator >>> b=[(5,'0'),(1,'0'),(1,'0'),(2,'0'),(4,'0')] >>> sorted(b,key=operator.itemgetter(0)) #sort by key [(1, '0'), (1, '0'), (2, '0'), (4, '0'), (5, '0')] >>> b=[(5,'abc'),(1,'acb'),(1,'abc'),(2,'dda'),(4,'abc')] >>> sorted(b,key=operator.itemgetter(1)) #sort by value [(5, 'abc'), (1, 'abc'), (4, 'abc'), (1, 'acb'), (2, 'dda')]
To search with binary search, first select just the second column (to search the encryptions):
tenc = [value for _,value in tbs]
then use the bisect library (e.g. bisect.bisect_left) https://docs.python.org/2/library/bisect.html
The starter code is this:
import sys import random import string from operator import itemgetter import time import bisect import binascii from Crypto.Cipher import DES def strxor(a, b): # xor two strings (trims the longer input) return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b)]) def hexxor(a, b): # xor two hex strings (trims the longer input) ha = a.decode('hex') hb = b.decode('hex') return "".join([chr(ord(x) ^ ord(y)).encode('hex') for (x, y) in zip(ha, hb)]) def bitxor(a, b): # xor two bit strings (trims the longer input) return "".join([str(int(x)^int(y)) for (x, y) in zip(a, b)]) def str2bin(ss): """ Transform a string (e.g. 'Hello') into a string of bits """ bs = '' for c in ss: bs = bs + bin(ord(c))[2:].zfill(8) return bs def str2int(ss): """ Transform a string (e.g. 'Hello') into a (long) integer by converting first to a bistream """ bs = str2bin(ss) li = int(bs, 2) return li def hex2bin(hs): """ Transform a hex string (e.g. 'a2') into a string of bits (e.g.10100010) """ bs = '' for c in hs: bs = bs + bin(int(c,16))[2:].zfill(4) return bs def bin2hex(bs): """ Transform a bit string into a hex string """ bv = int(bs,2) return int2hexstring(bv) def byte2bin(bval): """ Transform a byte (8-bit) value into a bitstring """ return bin(bval)[2:].zfill(8) def int2hexstring(bval): """ Transform an int value into a hexstring (even number of characters) """ hs = hex(bval)[2:] lh = len(hs) return hs.zfill(lh + lh%2) def get_index(a, x): 'Locate the leftmost value exactly equal to x in list a' i = bisect.bisect_left(a, x) if i != len(a) and a[i] == x: return i else: return -1 def des_enc(k, m): """ Encrypt a message m with a key k using DES as follows: c = DES(k, m) Args: m should be a bytestring (i.e. a sequence of characters such as 'Hello' or '\x02\x04') k should be a bytestring of length exactly 8 bytes. Note that for DES the key is given as 8 bytes, where the last bit of each byte is just a parity bit, giving the actual key of 56 bits, as expected for DES. The parity bits are ignored. Return: The bytestring ciphertext c """ d = DES.new(k) c = d.encrypt(m) return c def des_dec(k, c): """ Decrypt a message c with a key k using DES as follows: m = DES(k, c) Args: c should be a bytestring (i.e. a sequence of characters such as 'Hello' or '\x02\x04') k should be a bytestring of length exactly 8 bytes. Note that for DES the key is given as 8 bytes, where the last bit of each byte is just a parity bit, giving the actual key of 56 bits, as expected for DES. The parity bits are ignored. Return: The bytestring plaintext m """ d = DES.new(k) m = d.decrypt(c) return m def main(): # Exercitiu pentru test des2_enc key1 = 'Smerenie' key2 = 'Dragoste' m1_given = 'Fericiti cei saraci cu duhul, ca' c1 = 'cda98e4b247612e5b088a803b4277710f106beccf3d020ffcc577ddd889e2f32' # TODO: implement des2_enc and des2_dec m1 = des2_dec(key1, key2, binascii.unhexlify(c1)) print('ciphertext: ', c1) print('plaintext: ', m1) print('plaintext in hexa: ', binascii.hexlify(m1)) # TODO: run meet-in-the-middle attack for the following plaintext/ciphertext m1 = 'Pocainta' c1 = '9f98dbd6fe5f785d' # in hex string m2 = 'Iertarea' c2 = '6e266642ef3069c2' # Note: you only need to search for the first 2 bytes of the each key: k1 = '??oIkvH5' k2 = '??GK4EoU' if __name__ == "__main__": main()